23-03-2021 | 25-03-2021

Security daily (24-03-2021)

How to automate SCAP testing with AWS Systems Manager and Security Hub

US federal government agencies use the National Institute of Standards and Technology (NIST) framework to provide security and compliance guidance for their IT systems. The US Department of Defense (DoD) also requires its IT systems to follow the Security Technical Implementation Guides (STIGs) produced by the Defense Information Systems Agency (DISA). To aid in managing […] (AWS Security Blog)

Top insurer CNA disconnects systems after cyberattack

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […] (CyberScoop)

China-based hackers used front companies to hack Uighurs, Facebook says

Facebook on Wednesday exposed what it said was a long-running hacking campaign targeting Uighurs living around the world and supported by Chinese technology firms. The scheme was aimed at journalists and dissidents, and affected Uighurs living in places as far-flung as the U.S., Turkey and Australia. It involved fake Facebook personas duping targets into clicking on links, as well as malicious Android and iOS software, Facebook said. Facebook said it’s aware of less than 500 people whom the campaign targeted. Facebook’s investigators traced the Android malware developers in the hacking campaign to Chinese firms Beijing Best United Technology and Dalian 9Rush Technology. Neither could be reached for comment on Wednesday. China has a history of allegedly using front companies as cover for its hacking operations. The hacking campaign began as far back as 2019, and Facebook executives said they expected the attackers to continue their spying efforts. It’s only […] (CyberScoop)

COVID-19 vaccine scammers are still lurking

Scams looking to take advantage of people attempting to get vaccinated against the coronavirus are alive and well. In the approximately two months since the first COVID-19 vaccines became available in the U.S., vaccine-related phishing campaigns aimed at stealing victims’ credentials increased by 530%, according to Palo Alto Networks’ Unit 42 research published Wednesday. In one campaign, hackers created a website that imitated a page for the Pfizer and BioNTech vaccine, requesting users’ Office 365 credentials to purportedly register for a vaccine. Phishing campaigns targeting employees of hospitals and pharmacies rose 189% during the same time period, the researchers found. In some attacks, the hackers attempted to steal credentials from employees at Walgreens, Canada-based Pharmascience, India-based Glenmark Pharmaceuticals and China-based Junshi Biosciences. Unit 42’s findings cover scams researchers tracked through the end of last month. The pandemic has spurred on a flurry of new cyberthreats over the course of the […] (CyberScoop)

Federal advisories detail bitcoin payments to ransomware gangs, urgency of threat

Ransomware victims paid attackers at least $144.35 million in bitcoin between 2013 and 2019, according to a recent Federal Bureau of Investigation bulletin that likely fails to account for millions of dollars. The figure, published in a Feb. 4 advisory from the bureau, is based on the financial losses that ransomware victims reported to U.S. law enforcement over a six-year span in which digital extortion evolved from a rare corporate annoyance to a global black market. Victimized organizations often do not report ransomware payments to the FBI, and hackers in recent months have demanded tens of millions of dollars from breached firms. U.S. insurers similarly have tried to gather information about the frequency, size and severity of digital crime sprees. FBI officials publicized the figure as part of a National Cyber Investigative Joint Task Force fact sheet aimed at raising awareness about the ideal prevention and response practices to ransomware. […] (CyberScoop)

Purple Fox Malware Has Propagated To Windows

(News ≈ Packet Storm)

Ransomware Now Hitting Hacked Exchange Servers

(News ≈ Packet Storm)

Chrome 90 Goes HTTPS By Default While Firefox Injects Substitute Scripts To Foil Tech Tracking

(News ≈ Packet Storm)

Tesla Cars Can Now Be Bought In Bitcoin

(News ≈ Packet Storm)

ProtonVPN CEO Blasts Apple for ‘Aiding Tyrants’ in Myanmar

CEO says Apple rejected a security update needed to protect human-rights abuse evidence. (Threatpost)

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes - but attackers are targeting those who haven't yet applied security updates. (Threatpost)

Ransomware Attack Foils IoT Giant Sierra Wireless

The ransomware attack has impacted the IoT manufacturer's production lines across multiple sites, and other internal operations. (Threatpost)

Microsoft Exchange Servers See ProxyLogon Patching Frenzy

Vast swathes of companies were likely compromised before patches were applied, so the danger remains. (Threatpost)

Purple Fox Malware Targets Windows Machines With New Worm Capabilities

A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing. (Threatpost)


/security-daily/ 25-03-2021 23:44:22